Chromebook runs on a unique operating system: Chrome OS, which is regarded as one of the most secure consumer-focused operating systems. So Chromebooks' users have less information security risk than those used computers of Windows or other OS.
Because Chromebook's market focuses on ordinary IT consumers, but not contributors, it has simplified many features that early computers have to provide to software developers, like flexibility of installing software and controlling resources or devices by personal settings or even scripts. Therefore, Chrome OS is relatively light in size and strict on security.
In fact, information security is the key to drive users to choose Chromebook(Chrome OS), which provides multiple layers and technologies of protection for personal data and privacy.
However, as a Chromebook user, you are the first responsible person to take care of your machine. It's your job to run and leverage built-in security features to ensure your data safe.
1. Automatic Updates
Software usually has vulnerabilities that hackers exploit to steal data or privacy. So only if any vulnerability discloses, we need to patch it immediately. Updates must be applied as soon as possible. Because Chrome OS is quite light, updates don't take long to complete.
If you're not sure if an update is available or what build you're currently running, by below steps, you will find the current build number.Settings > About Chrome OS
The most effective way to protect against malware is to keep all software up-to-date. Chromebooks manage updates automatically, so they are always running the latest and most secure version.
Google rolls out security updates as soon as they're ready and applies them when a Chromebook boots up. In other words, during the boot sequence, Chrome OS checks to see if a new update is available. If yes, installs it without interrupting the user. At this point, your Internet has to be available.
At the same time, a computer may run multiple processes. We don't have to create a separate resource pool for every process. Instead, we create a shared pool for every process. This structure gives malicious code a chance to spread the virus throughout the shared processes. Chromebook's solution is sandboxing.
Chromebook locks a process into an isolated environment without any sharing resources. Malicious code has no way out and embed it into other apps or the operating system. Namely, each web page or app runs in a restricted environment, which we call "Sandbox." Even if a Sandbox is running malicious code, it shouldn't infect the other apps on the computer. If a malware indeed escapes its Sandbox and affect outside, Chrome OS can discover it and eliminate it at the next boot.
Of course, Sandboxing theory cannot block malicious code completely. Every program and every app runs in its Sandbox. If you visit a website by browser that downloads malware into your Chrome, the malware stays in the Sandbox and runs as regular apps. What Sandbox can do is to stop its infecting. When you close the tab, the malware is gone.
3. Verified Boot
Chromebook's startup is very different from Windows or Mac machines. When Chrome OS boots, it compares every component of the operating system with the current version verified by Google through the Internet. If there is a discrepancy, it will replace with the up-to-date version. Every time the Chromebook starts up, it does the self-check called "Verified Boot."
The self-check ensures Chrome OS in the right shape; it plays a fundamental role in Chromebook security mechanism.
- Drive automatic update: download new updates of Chrome OS when Verified Boot;
- Repair corrupted OS: take Chrome OS back if malware manages to escape the Sandbox;
So we may think Verified Boot is an urgent way to protect Chromebook against malware. If a Chromebook detects that the system has been tampered in any way, it will repair itself by a verified boot, taking OS back to original status.
Note that verified boot is a real boot. Either automatic update or repair OS needs to be triggered by a boot. If you don't start up your Chromebook, these things never take place. So please shut your Chromebook down, and let it startup. It's an important step to ensure Chrome OS updated.
Windows and Mac users used to let their machines sleep, not shut down, because they need 30-90 seconds boot up. However, Chromebook is a different story, and you can start it up in 3-4 seconds.
4. Data Encryption
By design, Chromebooks store primary and critical data in the cloud, or say, in Google's infrastructure. However, your Chromebook does keep some kinds of files in local storage. It encrypts them with tamper-resistant hardware, which is very difficult for anyone to access.
The encrypted files are much safer than those in Windows or Mac computers:
- Downloaded files
- Browser cache files
5. Recovery Mode
Chrome OS is a secure operating system, but no operating system is 100% secure. What happens if a Chromebook is compromised? You can powerwash it; it means a factory reset. You will completely wipe your Chromebook's hard drive and install a clean copy of the current version of Chrome OS.
If anything goes wrong, you can push a button or use a quick keyboard combination to reset the operating system to a good version.
For a used Chromebook, more or less, you may installed some apps. After powerwash, you may lose them. If you've stored personal files on the local, you have to back them up before you powerwash and then reload them.
If you store personal files in the cloud, you don't even have to do that because Google does it for you. It's said that storing data on the cloud will bring great merit for powerwash.
If you sign into a Chromebook with Google account and turn on syncing, it should be to take maximum advantage of the Chrome OS security features. In this case, your programs and apps are always synced to Google's servers.
After you freshly powerwash your Chromebook, Google will replace all the programs and apps just as they were before. You have to wait longer for downloading and installing, but that's all you have to do.
- Power the Chromebook up
- Log in
- Wait for Google to restore
Note that if you switch to a new Chromebook, the same steps will move and install apps from the old one through the cloud.
6. Chrome Extensions
As we mentioned before, software usually has vulnerabilities. So does the Chrome OS. Chromebook heavily relies on Chrome browser, and its users run various extensions on it. However, the Chrome extension is a known pain point in Chromebook security.
We've seen too many extensions that have compromised the security of user data. Some are even from well-established companies. Back in June 2019, we read a story that the Evernote Chrome extension allowed attackers to steal data, and the victims are over 4.6M million.
Therefore, you should be careful to install any extension and only install those that you must use. Besides, you may consider third-party tools to scan extensions to ensure what you installed doesn't compromise your Chromebook's security.